
Security Stupidity

jlangdale
Great Citizen / Super Citoyen

I just want to say I think it's highly stupid of Public Mobile to have customers giving their information to "Moderators" on a forum system to address issues, whereby identity/authentication information will be kept in PM messages that could be hacked one day.

This is a good way to screw over your company if you're hacked.

38 REPLIES

jp2
Deputy Mayor / Adjoint au Maire

@kav2001c wrote:

I just realized total misquotes

I was meaning to respond to the OP but somehow tagged you @jp2 in error (as obviously most of these "issues" were not yours)

 


@jp2 wrote:

 

@kav2001c Are you meaning to ask this to me?

I'm trying to make the point that it doesn't matter which company you are with or how you contact them they all store your info online so it is vulnerable to hackers. I also mentioned the Bell hacks further up in this thread.


 


@kav2001c no problem 


@GreatCanadian wrote:

Here's your opening post:

 

"I just want to say I think it's highly stupid of Public Mobile to have customers giving their information to "Moderators" on a forum system to address issues, whereby identity/authentication information will be kept in PM messages that could be hacked one day.
This is a good way to screw over your company if you're hacked."

 

Nowhere in there do I see a suggestion.

 

GC


Amen!  Koodo has just rolled out a $30 connection fee for new hardware if done at a store or calling customer service.  The fee is waived for online orders.  I guess the evolution of internet shopping is going to disrupt the old customer service model whether we like it or not.  I fail to see how anyone can complain about this service when it is merely leveraging the internet to the fullest.

GreatCanadian
Deputy Mayor / Adjoint au Maire

Here's your opening post:

 

"I just want to say I think it's highly stupid of Public Mobile to have customers giving their information to "Moderators" on a forum system to address issues, whereby identity/authentication information will be kept in PM messages that could be hacked one day.
This is a good way to screw over your company if you're hacked."

 

Nowhere in there do I see a suggestion.

 

GC

@jlangdale, so giving a voice response to a clerk on the other end of a phone call is secure?  I do not think it's any different.

 

Every support line these days will tell you your call *may be* recorded to ensure quality and training yadda yadda yadda.

 

I'm sure every support line is recorded... and these recordings are no different than the old information stored in any system.

jlangdale
Great Citizen / Super Citoyen

Says the ranting ranter who is so triggered they think they feel a barfing physical reaction? Dude, it was a simple suggestion, and a good one.

GreatCanadian
Deputy Mayor / Adjoint au Maire

It blows me away to see people ranting on this forum that Public Mobile doesn't have a store, you can't buy phones, doesn't have a call center, have to deal with moderators who steal our secret information and ruin our lives. DID THEY NOT READ THE HOME PAGE???!!!! Yeah, sign up for Public Mobile, and then b1tch about its format. Why these people don't just bypass the homepage and move on to Bell, Rogers, or Telus is beyond me. They want the big carrier service with the little carrier price. Excuse me, I have to go barf.

 

GC

I just realized total misquotes

I was meaning to respond to the OP but somehow tagged you @jp2 in error (as obviously most of these "issues" were not yours)

 


@jp2 wrote:

 

@kav2001c Are you meaning to ask this to me?

I'm trying to make the point that it doesn't matter which company you are with or how you contact them they all store your info online so it is vulnerable to hackers. I also mentioned the Bell hacks further up in this thread.


 

will13am
Oracle

Wow, what a stupid thread! @jlangdale, I have a suggestion, keep the user errors to a minimum and you will never need to interact with the moderator team. I have interacted with the moderator team a number of times in my 18 months here. The only private information I ever exchange with them is my account number, account PIN and the nature of my issue. Where is the private information that is so concerning?

jp2
Deputy Mayor / Adjoint au Maire

@srlawren wrote:

@jp2 wrote:

@jlangdale just open the message click the delete button, then click confirm. If you are worried about somebody going through your old mail. 


@jp2 that only deletes the sent message. It doesn't delete it from the moderator team inbox. FYI. 


@srlawren ya I assume it is just like email. I was only saying that because jlangdale was concerned about somebody hacking into his account and reading his old sent mail to find personal info

jlangdale
Great Citizen / Super Citoyen

So my point is still generally valid, but at least if my account is compromised, no intruders can see my old messages.

If a mod is compromised, you're going to have lots of problems for sure!

srlawren
Retired Oracle / Oracle Retraité

@jp2 wrote:

@jlangdale just open the message click the delete button, then click confirm. If you are worried about somebody going through your old mail. 


@jp2 that only deletes the sent message. It doesn't delete it from the moderator team inbox. FYI. 


>>> ALERT: I am not a moderator. For account or activation assistance, please click here.

jlangdale
Great Citizen / Super Citoyen

So if I wasn't too big of a moron, I would have found that faintly grey private message delete button on my own. Thanks, @jp2. Problem resolved.

@jlangdale This community is based on the Lithium platform. And if you did not know, many companies such as PayPal, HP, Dell, Telus and many others use the same platform. So I consider it pretty secure compared to general forums.

______________________________________________________________________
I am not a mod. Do not send me private message with your personal info.
If you need to contact PM Customer Support Agent, send a Private Message.

jp2
Deputy Mayor / Adjoint au Maire

@jlangdale just open the message click the delete button, then click confirm. If you are worried about somebody going through your old mail. 

jlangdale
Great Citizen / Super Citoyen

Nobody is arguing that database systems cannot be breached. That's not an argument anyone would make. But the point is that bulletin board systems are nowhere near as secure as systems designed to protect customer information, such as hashed passwords, ccvs, security questions, etc.

Once the information is PM'd, anyone else coming after that who compromised my account would see that information and asking for it to be re-submitted would be useless because it's already there in my PM history.

This is just very bad security and I don't see that any argument made here thus far, or anyone that hasn't been made yet can get around this, other than the argument, "We're on the cheap and you get the weak security you pay for."

To that I would say, Public Mobile isn't all THAT much cheaper. But look, I think this is still a prudent thing to avoid doing with PMs and I hope it doesn't bite anyone in the future. I also wish I could delete the messages that I provided with my information after they were used to verify my identity, but I cannot do this.

This is just bad form, no two ways about it.

jp2
Deputy Mayor / Adjoint au Maire

@jlangdale wrote:

Regarding the point about "they always have your data," that's a valid point but leaving identity information in PM messages is quite different than having it stored in a database system where it was originally designed to be stored and secured.


@jlangdale is it really? How many times have the big 3 had customers' info on their "database system where it was originally designed to be stored and secure" breached?

jlangdale
Great Citizen / Super Citoyen

After spending roughly 4-5 hours on this today, going back and forth, calling the bank, etc., having your support/mods answer PMs, I've finally successfully topped off my funds on my account. Yay.


Crypto w/XRP would be so much easier.

jp2
Deputy Mayor / Adjoint au Maire

@kav2001c wrote:

@jp2 who is "they"?

All 4 of the major carriers have had breaches over the years exposing MILLIONS of Canadians' credit information, credit cards, passwords (you know lazy/old people re-use same password everywhere, even banks) etc

 

That's why I am puzzled by your assertion against Public

 

The odds that any 1 given username has requested support are low (at best 10% of users) and even then to hack it nets no really usable info

 

If you want to be a script kiddie to steal info for mailing lists the website for Freedom Mobile is FAR easier to hack and will net you thousands of IDs in the time it takes you to break a single Public account (there is an entire debate raging over Freedom's lack of concern with privacy and security, at least here we REQUIRE an email / password for log in. Freedom forces all subscribers to use phone number + 4 digit pin which is easy to brute force crack)

 


@kav2001c I'm sorry if I have somehow given you the impression that I am saying PM is more unsecure than any other carrier. I definitely DO NOT think that; in fact, I think it could be safer because it is a smaller target with much less reward to a successful hacker.

jlangdale
Great Citizen / Super Citoyen

Regarding the point about "they always have your data," that's a valid point but leaving identity information in PM messages is quite different than having it stored in a database system where it was originally designed to be stored and secured.

jlangdale
Great Citizen / Super Citoyen

No, not for a couple days. I've always tried to pay ahead of time and keep some money on the account. Looks like Firefox totally doesn't work with the plans page, but Chrome works.

jp2
Deputy Mayor / Adjoint au Maire

@kav2001c wrote:

@jp2 maybe I am misreading this but... your concern is that someone would waste their time to hack into each user's private mailboxes on the hope they might have sent personal info (name / date of birth / address ... nothing else is important on Public system)

 

It's totally not worth it

 

Far easier (and more lucrative) to hack the carriers' servers themselves (eg look at the Bell data breach that affected 1.6 million customers or the Freedom data breach that affected 800,000 customers in past year)

 

By hacking the system itself you not only get the basic stuff (name / dob / addy) but also access to the good stuff (credit card numbers, SIN numbers, other credit identifiable sources)

 

 


@kav2001c Are you meaning to ask this to me?

I'm trying to make the point that it doesn't matter which company you are with or how you contact them they all store your info online so it is vulnerable to hackers. I also mentioned the Bell hacks further up in this thread.

srlawren
Retired Oracle / Oracle Retraité

@jlangdale is your plan renewing tonight? That's probably why


>>> ALERT: I am not a moderator. For account or activation assistance, please click here.

 @jlangdale who is "they"?

All 4 of the major carriers have had breaches over the years exposing MILLIONS of Canadians' credit information, credit cards, passwords (you know lazy/old people re-use same password everywhere, even banks) etc

 

That's why I am puzzled by your assertion against Public

 

The odds that any 1 given username has requested support are low (at best 10% of users) and even then to hack it nets no really usable info

 

If you want to be a script kiddie to steal info for mailing lists the website for Freedom Mobile is FAR easier to hack and will net you thousands of IDs in the time it takes you to break a single Public account (there is an entire debate raging over Freedom's lack of concern with privacy and security, at least here we REQUIRE an email / password for log in. Freedom forces all subscribers to use phone number + 4 digit pin which is easy to brute force crack)

 

 

*edit as I tagged wrong poster in error Cat LOL

jlangdale
Great Citizen / Super Citoyen

Ah maybe it's just Firefox. I had to use Firefox because they said that different browsers may work better with the payment form.

What a hassle!

jp2
Deputy Mayor / Adjoint au Maire

@jlangdale I really don't think they would do that or can do that. They are very good to deal with from my experience 

@jlangdale maybe I am misreading this but... your concern is that someone would waste their time to hack into each user's private mailboxes on the hope they might have sent personal info (name / date of birth / address ... nothing else is important on Public system)

 

It's totally not worth it

 

Far easier (and more lucrative) to hack the carriers' servers themselves (eg look at the Bell data breach that affected 1.6 million customers or the Freedom data breach that affected 800,000 customers in past year)

 

By hacking the system itself you not only get the basic stuff (name / dob / addy) but also access to the good stuff (credit card numbers, SIN numbers, other credit identifiable sources)

 

 

*edit as I tagged wrong poster lol Cat LOL

jlangdale
Great Citizen / Super Citoyen

Oh wow, I must have maybe pissed off someone or something. Because now I no longer see an "Amount due," nor do I see the ability to change my plan. I think one of these moderators may have ended my service or something.

Or this is an error with the site.

koimr1
Deputy Mayor / Adjoint au Maire

@jlangdale wrote:

Right, I typically use the online chat for basic things and questions. But if they want to verify my identity, I typically call in so the information is given verbally and not stored.


I get the concern as well but given that for most people there's no number to call what would be a good alternative?

 

I think if it were up to me I'd have all requests that require moderator intervention be done via Self-Serve and leave the forums for more general questions. Not 100% secure (nothing is as @srlawren rightfully says) but might be a bit better security-wise.

 

 

jp2
Deputy Mayor / Adjoint au Maire

@jlangdale wrote:

Right, I typically use the online chat for basic things and questions. But if they want to verify my identity, I typically call in so the information is given verbally and not stored.


If u think about it when u call a call centre, who knows where in the world, the only way they can confirm your ID is by comparing the info you give them over the phone to what they already have on their computer/network.

It is definitely good to be cautious online though. 

srlawren
Retired Oracle / Oracle Retraité

@jlangdale seems a sensible precaution. However, not an option given PM's support model. There is a reason the plans are more affordable, and it's not the network quality. Something has to give. 


>>> ALERT: I am not a moderator. For account or activation assistance, please click here.